Icefire
IceFire is a ransomware group first observed in 2022 that expanded to Linux in early 2023 by exploiting a vulnerability in IBM Aspera Faspex (CVE-2022-47986), targeting media and entertainment organizations in Turkey, Iran, Pakistan, and the UAE using double-extortion tactics.
Victims
11
First Discovered
2022-08-20
victim
Last Discovered
2022-08-20
victim
Inactive Since
3yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
N/A
victims with domain
Countries
0
hit
Known Locations (2)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
Leakage List | No | 2026-04-28T07:24:11 |
kf6x3mjeqljqxjznaw65jixin7dpcunfxbbakwuitizytcpzn4iy5bad.onion
|
|||
|
Leakage List | No | 2026-04-28T07:26:47 |
7kstc545azxeahkduxmefgwqkrrhq3mzohkzqvrv7aekob7z3iwkqvyd.onion
|
Target
Top 5 Activity Sectors
- Technology 7
- Education 1
- Financial Services 1
- Consumer Services 1
- Manufacturing 1
Top 5 Countries
Heatmap
Ransom Notes (1)
YARA Rules (1)
Victims (11)
